<?PHP
// NOTE(review): 'private, must-revalidate' is not one of the limiter names the
// PHP manual lists (nocache, private, private_no_expire, public) -- confirm
// which Cache-Control header this restricted page is actually served with.
session_cache_limiter('private, must-revalidate');
session_start();

// Page gate: the session must hold a 'user' entry and a role equal to 2, and
// the request must carry a movid query parameter. Every other request is sent
// to index.php and the script stops before any include, markup or query runs.
if (!(isset($_SESSION['user']) && $_SESSION['role'] == 2 && isset($_GET['movid']))) {
    header('Location:index.php');
    exit;
}

include("std_dbs.php");
include("header.php");
?>

		<!-- start content -->
		<div id="content">
			<div class="post">
				<h1 class="title"><a href="#">Movie Details</a></h1>
		<div class="entry">
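  <font color='red'><?php
    // Within this file $message is first assigned further down (title
    // validation), so it is unset here unless an included file defines it;
    // the isset() guard avoids an undefined-variable warning in that case.
    // The value is HTML-escaped before output.
    // NOTE(review): assumes $message is plain text -- confirm that no include
    // deliberately puts markup into it.
    echo (isset($message) ? htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE) : '') . "<br />";
  ?></font>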
		
<?PHP

//
// -- This part checks if we accepted the movie
//		
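if(isset($_POST['submit']))
  {
    // "Accept Movie" handler: writes the edited fields back to MOVIES and sets
    // PENDSTATUS to 0 for the posted MOVID.
    //
    // Every posted value reaches Oracle as a bind variable. addslashes() is
    // not an escaping scheme Oracle honours (a quote is escaped by doubling
    // it, not with a backslash), and movid used to be concatenated with no
    // quoting at all, so the old statement text could be altered by the request.
    //
    // NOTE(review): this state-changing POST checks no anti-CSRF token, and the
    // form rendered later in this file does not emit one. Adding it needs a
    // coordinated change to the form and to both POST handlers.
    $posted = array();
    foreach (array('movtitle', 'movyear', 'movbudget', 'movruntime', 'movdesc', 'imgcover', 'movid') as $field)
      {
        // Array-valued parameters (movtitle[]=...) are treated as empty.
        $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
      }

    $movtitle   = $posted['movtitle'];
    $movyear    = $posted['movyear'];
    $movbudget  = $posted['movbudget'];
    $movruntime = $posted['movruntime'];
    $movdesc    = $posted['movdesc'];
    $imgcover   = $posted['imgcover'];
    $movid      = $posted['movid'];

    if($movtitle === '')
      {
        // The banner that prints $message has already been rendered above this
        // handler, so the validation error is shown here instead of being lost.
        $message = "You must enter a title!";
        echo "<font color='red'>" . $message . "<br /></font>";
      }
    else
      {
        // Not read by this handler; kept in case an included file relies on it.
        $userId = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;

        $query = "UPDATE MOVIES SET MOVTITLE = :movtitle, MOVYEAR = :movyear, MOVBUDGET = :movbudget, "
               . "MOVRUNTIME = :movruntime, MOVDESC = :movdesc, PENDSTATUS = 0, IMGCOVER = :imgcover "
               . "WHERE MOVID = :movid";

        $stid = oci_parse($connect, $query);
        $r = false;
        if ($stid !== false)
          {
            // oci_bind_by_name() binds by reference, hence one named variable per placeholder.
            oci_bind_by_name($stid, ':movtitle', $movtitle);
            oci_bind_by_name($stid, ':movyear', $movyear);
            oci_bind_by_name($stid, ':movbudget', $movbudget);
            oci_bind_by_name($stid, ':movruntime', $movruntime);
            oci_bind_by_name($stid, ':movdesc', $movdesc);
            oci_bind_by_name($stid, ':imgcover', $imgcover);
            oci_bind_by_name($stid, ':movid', $movid);
            $r = oci_execute($stid);
          }

        if (!$r)
          {
            // Parse errors are reported on the connection, execute errors on the
            // statement. The driver text goes to the server log rather than into
            // the page, which used to print the message and the SQL text.
            $e = ($stid !== false) ? oci_error($stid) : oci_error($connect);
            error_log('Movie update failed: ' . (is_array($e) ? $e['message'] : 'no OCI error detail'));
            $message = "The movie could not be updated.";
            echo "<font color='red'>" . $message . "<br /></font>";
          }
        else
          {
            // oci_commit() expects the connection; the statement handle was passed before.
            oci_commit($connect);

            unset($_POST['submit']);

            // Markup has already been written above this handler, so the
            // redirect can only be sent when output buffering is active. When
            // it cannot, fall through and render the form as before.
            if (!headers_sent())
              {
                header("Location: admin.php");
                exit;
              }
          }
      }
  }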

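if(isset($_POST['delete']))
  {
    // "Delete Movie" handler: sets PENDSTATUS to 3 and DATEACCEPTED to SYSDATE
    // for the posted MOVID. The id is sent as a bind variable; it used to be
    // interpolated into the statement text straight from the request.
    //
    // NOTE(review): this state-changing POST checks no anti-CSRF token, and the
    // form rendered later in this file does not emit one.
    $movid = (isset($_POST['movid']) && is_string($_POST['movid'])) ? $_POST['movid'] : '';

    $query = "UPDATE MOVIES SET PENDSTATUS = 3, DATEACCEPTED = SYSDATE WHERE MOVID = :movid";
    $stid = oci_parse($connect, $query);
    if($stid === false)
      {
        // Driver detail goes to the server log instead of the response body.
        $e = oci_error($connect);
        error_log('Movie delete (parse) failed: ' . (is_array($e) ? $e['message'] : 'no OCI error detail'));
        echo "ERROR: error parsing query to delete movie <br />";
        exit;
      }

    oci_bind_by_name($stid, ':movid', $movid);

    $ret = oci_execute($stid);
    if($ret === false)
      {
        $e = oci_error($stid);
        error_log('Movie delete (execute) failed: ' . (is_array($e) ? $e['message'] : 'no OCI error detail'));
        echo "ERROR: error executing query to delete movie <br />";
        exit;
      }

    oci_commit($connect);

    // Markup has already been written above this handler, so the redirect can
    // only be sent when output buffering is active. When it can be sent, stop
    // here instead of running the detail queries for a response nobody reads.
    if (!headers_sent())
      {
        header('Location: admin.php');
        exit;
      }
  }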


//
// -- This part displays information about the movie
//     	
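// Load the movie named by the movid query parameter, then look up the
// submitter's username. Both ids are passed as bind variables: movid comes
// from the URL and SUBMITTERID from stored data, and neither belongs in the
// statement text.
$movid = (isset($_GET['movid']) && is_string($_GET['movid'])) ? $_GET['movid'] : '';

$query = "SELECT MOVID, MOVTITLE, SUBMITTERID, MOVDESC, MOVYEAR, MOVBUDGET, MOVRUNTIME, PENDSTATUS, IMGCOVER, TRAILER FROM MOVIES WHERE MOVID = :movid";
$stid = oci_parse($connect, $query);
if($stid === false)
  {
    // Driver detail goes to the server log instead of the response body.
    $e = oci_error($connect);
    error_log('Movie lookup (parse) failed: ' . (is_array($e) ? $e['message'] : 'no OCI error detail'));
    echo "ERROR: error parsing query to get the information for the movie <br />";
    exit;
  }

oci_bind_by_name($stid, ':movid', $movid);

$ret = oci_execute($stid);
if($ret === false)
  {
    $e = oci_error($stid);
    error_log('Movie lookup (execute) failed: ' . (is_array($e) ? $e['message'] : 'no OCI error detail'));
    echo "ERROR: error executing query to get the information for the movie <br />";
    exit;
  }

// OCI_RETURN_NULLS keeps NULL columns in the row; with OCI_ASSOC alone they
// are left out of the array and every later $row['...'] read raises a notice.
$row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS);
if($row === false)
  {
    // No row for this id: stop instead of building a form from an empty result.
    echo "ERROR: no movie found for the requested id <br />";
    exit;
  }

// get the submitter's username from the submitterid
// The parse check used to test the query string ($subQuery) rather than the
// statement handle, and the error markers were always overwritten by the
// fetch result; each step now runs only when the previous one succeeded.
// $submitter is not printed by the form that follows in this file.
$submitter = '';
$submitterId = $row['SUBMITTERID'];
$subQuery = "SELECT USERNAME FROM USERS WHERE USERID = :userid";
$subStid = oci_parse($connect, $subQuery);
if($subStid === false)
  {
    $submitter = "PARSE ERROR";
  }
else
  {
    oci_bind_by_name($subStid, ':userid', $submitterId);
    $ret = oci_execute($subStid);
    if($ret === false)
      {
        $submitter = "EXEC ERROR";
      }
    else
      {
        $subRow = oci_fetch_array($subStid, OCI_ASSOC + OCI_RETURN_NULLS);
        if($subRow !== false && isset($subRow['USERNAME']))
          {
            $submitter = $subRow['USERNAME'];
          }
      }
  }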

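// Render the edit form for the loaded movie. Every database value and the
// request-supplied movid is HTML-escaped before it is placed in the page: the
// attributes are single-quoted, so ENT_QUOTES is required to keep a stored
// apostrophe from closing the attribute. No charset argument is passed, so
// htmlspecialchars() follows the configured default_charset.
//
// NOTE(review): the form carries no anti-CSRF token, so the accept and delete
// actions it posts can be triggered cross-site against a logged-in session.
$escFlags = ENT_QUOTES | ENT_SUBSTITUTE;

echo "<form method='POST'>";
$imgcover = isset($row['IMGCOVER']) ? (string) $row['IMGCOVER'] : '';
echo "<table width='90%'>";
echo "<tr><td><img src='content/covers/" . htmlspecialchars($imgcover, $escFlags) . "' width=150 height='200'></td></tr>";
echo "<tr><td>ID:</td><td>" . htmlspecialchars(isset($row['MOVID']) ? (string) $row['MOVID'] : '', $escFlags) . "</td></tr>";

// label => array(form field name, column read from $row)
$textInputs = array(
    'Title'             => array('movtitle', 'MOVTITLE'),
    'Movie Year'        => array('movyear', 'MOVYEAR'),
    'Movie Budget'      => array('movbudget', 'MOVBUDGET'),
    'Movie Runtime'     => array('movruntime', 'MOVRUNTIME'),
    'Movie Description' => array('movdesc', 'MOVDESC'),
    'Image Cover'       => array('imgcover', 'IMGCOVER'),
);
foreach ($textInputs as $label => $input)
  {
    // A NULL or missing column renders as an empty input.
    $value = isset($row[$input[1]]) ? (string) $row[$input[1]] : '';
    echo "<tr><td>" . $label . ":</td><td><input type='text' name='" . $input[0] . "' value='"
       . htmlspecialchars($value, $escFlags) . "' /></td></tr>";
  }
echo "</table>";

echo "<input type='submit' name='submit' value='Accept Movie' />";
echo "<input type='submit' name='delete' value='Delete Movie' />";
// movid is echoed back from the query string, so it is escaped like any other value.
echo "<input type='hidden' name='movid' value='" . htmlspecialchars((string) $movid, $escFlags) . "' />";

echo "</form>";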
?>

</div>
</div>
</div>
		<!-- end content -->

<?php include('footer.php'); ?>
		

